Yellow Dog Linux Security Advisory: YDU-20030607-1
Terra Soft Security Team
yellowdog-updates@lists.terrasoftsolutions.com
Tue, 10 Jun 2003 14:54:14 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: ghostscript
Issue Date: Jun 07,2003
Priority: medium
Advisory ID: YDU-20030607-1
1. Topic:
Updated ghostscript packages are available.
2. Problem:
"GNU Ghostscript is an interpreter for the PostScript language, and is often
used when printing to printers that do not have their own built-in
PostScript interpreter.
A flaw in unpatched versions of Ghostscript before 7.07 allows malicious
postscript files to execute arbitrary commands even with -dSAFER enabled.
Users of Ghostscript are advised to upgrade to these updated packages,
which contain a backported patch and are not vulnerable to this issue."
(From Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install ghostscript
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/ghostscript-7.05-32.1.ppc.rpm
ppc/ghostscript-devel-7.05-32.1.ppc.rpm
ppc/hpijs-1.3-32.1.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 3.0]
321e4c2012be50847425f96eaa164d13 SRPMS/ghostscript-7.05-32.1.src.rpm
8d3cf8db0e2a4eecec3fe794f9fa2389 ppc/ghostscript-7.05-32.1.ppc.rpm
fdd0fc79f2994258fa5d300fefeed81e ppc/ghostscript-devel-7.05-32.1.ppc.rpm
9690e19cfffe5f45b04e67296d9461b1 ppc/hpijs-1.3-32.1.ppc.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: md5sum <filename>
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml